TMF Drafts Guidance on Security Design for IT

New IT system design guidelines have been written by the TM Forum’s Open Digital Architecture (ODA) project in order to help service providers manage their security and privacy risks. Dave Milham, Chief Architect of the TM Forum, wrote that:

“They cover a full enterprise lifecycle vision for security and governance, and offer a detailed set of methods for enterprise risk assessment which are suitable for DevSecOps automation.”

The IG1186 ODA Governance and Security Vision guidance takes and applies best practice from other organizations, including the TOGAF Standard from the Open Group. The purpose is to show how to deliver security and privacy by design through a well-defined ODA lifecycle methodology.

The IG1187 ODA Enterprise Risk Assessment guidance offers introductory advice on how to gauge the risk appetite, risk tolerance, and asset exposure of an enterprise. It may be used by either service providers or vendors as part of the way they design and implement effective governance and security processes.

These documents are the product of a workshop which was hosted by Oracle and supported by Vodafone and Huawei. They may be downloaded by members of the TM Forum.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.